Manage Chrome ADMX Policies using Intune | ADMX Injection Process on Windows 10

Let us learn how to inject the ADMX policy for Google chrome browser using Intune. Manage & Deploy Chrome ADMX Policies using Intune on Windows 10 devices.

NOTE! – Need to inject ADMX policies for Chrome before deploying any Chrome browser policies.

Download Chrome ADMX

• Download the Chrome ADMX from Download Google Chrome Bundle.
• Make sure you deploy Google Chrome application GoogleChromeStandaloneEnterprise64.msi (this MSI file is available in the bundle downloaded above). The guide deploying Chrome browser using Intune.

Chrome ADMX File

• Locate Chrome.ADMX file from Chrome\Configuration\admx folder. This file will be used in the below section of the post.

Create Chrome ADMX Injection Policy

• Login to Endpoint.Microsoft.com
• Navigate to Devices – Configuration profiles
• Click on +Create Profile
• Select Platform – Windows 10 and Later
• Select Profile – Custom
• Click on Create

• Enter the Name – Chrome ADMX Ingestion
• Enter the Description – Chrome ADMX Ingestion
• Click on Next

• Click on Add

• Enter the Name – Chrome ADMX Ingestion
• Enter the Description – Chrome ADMX Ingestion
• Enter OMA-URI Value – ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Chrome/Policy/ChromeAdmx
• Select Data type – String
• Enter the content of Chrome.admx file content (as mentioned in the above section) in the VALUE section.

• Click on Add
• Click on Next

• Select the Scope (Tags)
• Click +Add
• Select Tags -> Test
• Click on Select
• Click OK

Assigment Chrome ADMX Policies using Intune

• On the Assignments page.
• Click on + Select Groups to Include.
• Search for Azure AD Device Group which you want Inject Chrome ADMX policy.
• Click on the group – HTMD Windows Devices.
• Click on the Select button.
• Click on the Next button to continue.

• Applicability Rules – Specify how to apply this profile within an assigned group. Intune will only apply the profile to devices that meet the combined criteria of these rules.
• Click on Create button to complete the deployment of Chrome ADMX policies.

Results & Troubleshooting

You can verify the ADMX injection for the Chrome browser using Intune. The following information might help you to troubleshoot the issue related to ADMX injection on Windows 10 devices.

Intune Portal

• Intune Portal Results

Windows 10 Event Logs

• Windows 10 Event Logs – Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin

MDM PolicyManager: ADMX Ingestion: EnrollmentId (D8D5A74A-020E-40F2-BA69-086EDDDD9F08), app name (Chrome), setting type (Policy), unique Id (ChromeAdmx), area (NULL).
MDM PolicyManager: ADMX ingestion starting new Admx ingestion. EnrollmentId (D8D5A74A-020E-40F2-BA69-086EDDDD9F08), app name (Chrome), setting type (Policy), unique Id (ChromeAdmx).

Windows 10 Registry

• Registry Entries
  • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxInstalled\D8D5A74A-020E-40F2-BA69-086EDDDD9F08\Chrome\Policy\ChromeAdmx

• Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\AdmxDefault

Video Recording Google Chrome ADMX Injection

Resources

• Microsoft Docs – ADMX https://docs.microsoft.com/en-us/windows/client-management/mdm/win32-and-centennial-app-policy-configuration
• Download Chrome Policies https://support.google.com/chrome/a/answer/9102677?hl=en
• ADMX Concept in details https://docs.microsoft.com/en-us/windows/client-management/mdm/understanding-admx-backed-policies
• Intune Line Of Business Application Google Chrome Deployment